Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Trying to trace where a suspicious file came from that appeared on my Exchange Server.

Posted on 2002-05-21
3
Medium Priority
?
245 Views
Last Modified: 2013-12-28
I have found a couple suspicious password hacking program files residing in a temp folder on my Exchange Server.  To be exact, I found L0phtcrack & Samdump files, and a few others,  in zip format.  It also looks as though someone tried to install L0phtcrack on the server.  Or they succeded in doing so & then later deleted the program without uninstalling it.  A colleague told me about a utility he once had called "Snoop Plus" (or something like that).  This utility, he said, would be able to tell me, among other things, precisely where these files originated from.  For example, if the files were copied from another PC on the network to the Server's drive, the utility would be able to tell me what PC had copied the files onto the server. Or if they were copied from a CD it would tell me that the originated from another local drive on this Server.  Is there such a utility?? Where can I find it?  The only utility I've found on the web with the name Snoop, appears to be a Sun Solaris utility.  Is there another way to narrow down where these files originated from??  Thank you.

Added Comment:  Thanks for the Suggestion 'CSuvendra'.  Unfortunately it is a FAT partition & I cannot access any ownership properties.
0
Comment
Question by:rvshrader
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:ITsheresomewhere
ID: 7025580
listening here....

ITsy
0
 
LVL 2

Accepted Solution

by:
CSuvendra earned 400 total points
ID: 7026099
Just a suggestion. You can always check the Ownership of the zip File from Properties and check who downloaded the file on the Server. Maybe that will give you an insight.
0
 

Expert Comment

by:JW2
ID: 7033128
How about Who's Watching Me at www.trapware.com
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question